Security Audit
browseai-automation
github.com/ComposioHQ/awesome-claude-skills
Trust Assessment
browseai-automation received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The key findings are "Unpinned dependency on 'rube'" and "`RUBE_REMOTE_WORKBENCH` suggests arbitrary code execution capabilities".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 17, 2026 (commit 99e2a295). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **`RUBE_REMOTE_WORKBENCH` suggests arbitrary code execution capabilities.** The documentation describes `RUBE_REMOTE_WORKBENCH` for 'Bulk ops' using `run_composio_tool()`. The term 'remote workbench' strongly implies a capability for executing arbitrary code or commands in a remote environment. If the LLM is instructed to use this tool with user-controlled input, it could lead to severe command injection, data exfiltration, or privilege escalation vulnerabilities. The scope and sandboxing of this 'workbench' are unclear, posing a significant risk of unauthorized operations. Clarify the exact capabilities and security model of `RUBE_REMOTE_WORKBENCH`. If it allows arbitrary code execution, it should be removed or heavily restricted. Ensure strict input validation and robust sandboxing mechanisms are in place if this tool must remain, and provide clear warnings about its potential dangers to users and the LLM. | Static | SKILL.md:70 |
| HIGH | **Unpinned dependency on 'rube'.** The skill manifest specifies a dependency on 'rube' without a version constraint. This allows for automatic updates to potentially malicious or breaking versions, introducing supply chain risks. If a compromised or malicious version of 'rube' is published, this skill would automatically incorporate it, leading to potential security vulnerabilities. Pin the 'rube' dependency to a specific version or version range in the skill manifest (e.g., `"rube": ["rube==1.2.3"]` or `"rube": ["rube>=1.0,<2.0"]`) to ensure stability and security. | Static | SKILL.md |